Hello,

I found a proc it makes ImportTable and makes 3 Tables:
"Kernell32.dll"
"LoadLibraryA"
"GetProcAddress"

I need "MessageBox" too? How can that input this table
proc.
Who can help me...

Thank you..


szKernel db "KeRnEl32.dLl",0
szLoadLibrary db "LoadLibraryA",0
szGetProcAddress db "GetProcAddress",0
szMessageBox db"MessageBox",0 ; < input this in table

AssembleIT PROC USES ebx ecx edx esi edi, pAddress4IT : LPVOID, dwNewSectionVA : DWORD
mov esi,pAddress4IT ; esi -> base of the new IT

; Zero the memory for the new IT
mov eax,pAddress4IT
mov ecx,IT_SIZE
ZeroMem:
mov byte ptr ,0
inc eax
loop ZeroMem

; build a new,nice ImportTable :)
mov ebx,esi
mov eax,SIZEOF IMAGE_IMPORT_DESCRIPTOR
xor edx,edx
mov ecx,2
mul ecx
add ebx,eax ; make ebx point after the terminating IID
assume esi:ptr IMAGE_IMPORT_DESCRIPTOR
mov eax,ebx ; process the IID Name
sub eax,esi
add eax,dwNewSectionVA
mov .Name1,eax
push esi
mov esi,offset szKernel
mov edi,ebx
.REPEAT
lodsb
stosb
.UNTIL byte ptr == 0
pop esi
mov ebx,edi
inc ebx
mov eax,ebx ; process the FirstThunk pointers
sub eax,esi
add eax,dwNewSectionVA
mov .FirstThunk,eax
mov edx,ebx
add edx,10
mov eax,edx
sub eax,esi
add eax,dwNewSectionVA
mov ,eax
add edx,2
push esi
mov esi,offset szLoadLibrary
mov edi,edx
.REPEAT
lodsb
stosb
.UNTIL byte ptr == 0
pop esi
mov edx,edi
add ebx,4
mov eax,edx
sub eax,esi
add eax,dwNewSectionVA
mov ,eax
add edx,2
mov esi,offset szGetProcAddress
mov edi,edx
.REPEAT
lodsb
stosb
.UNTIL byte ptr == 0
assume esi : nothing
ret
AssembleIT ENDP
Posted on 2003-02-21 05:26:25 by Fred
why? you already have LoadLibray and GetProcAddress... just
load "User32.dll" and look up the entry point of "MessageBoxA"
and you're done
Posted on 2003-02-21 09:19:54 by mob

why? you already have LoadLibray and GetProcAddress... just
load "User32.dll" and look up the entry point of "MessageBoxA"
and you're done


Hello,

Thanks for your Mail. How Can I input "User32.dll" ??? then...

I need this loader for a PE-Loader This must work alone..
I am not good in ASM.
If I include User32.dll then can I ask all DLL options: messageBox,.... ???
Posted on 2003-02-21 09:26:24 by Fred
i don't have the time right now to go through that snipped... but all
you have to do is find out where it retrieves the entrypoints of the
GetProcAddress & LoadLibrary Kernel funtions. with these two API's
you're virtually free and can from there on use all API's you want.

but what do you mean with "PE-Loader" ... i mean if you really meant
PE-LOADER, this isn't easy so if you "are not good in ASM" like you
said, i would rather study ASM followed by the pe-header if i was you.

however, a couple of months ago i wrote an exe-binder, it retrieves
the kernel base and let's you define the API's you want to use before-
hand (the algo, not the exe-binder). so you could check it out and decide
if it suits to you -here- (right mouseclick->save because of tripod)
Posted on 2003-02-21 09:46:20 by mob
Hello,

Thanks... for your answer.

OR..

If I include with this loader:
invoke MessageBox,0,Text,TexCap,MB_OK

It do not run?

Can I have a code with a MessageBox and CaptionText,TExt and MB_OK Button with do not need
other include files or stand alone in files and run?
So I do not change this loader and I have my messagebox.
Posted on 2003-02-23 04:16:50 by Fred